ISO 27001 certification
DEKRA Audit Netherlands

Do you want to show that your organization works with modern IT systems and smart data management?


Reliable information security with ISO 27001

Outdated technology, misuse of IT and malware infections can all lead to cybercrime, IT failures, espionage and data misuse. How should you implement a strong information security strategy? ISO 27001 certification gives you this opportunity, letting you protect confidential information in your organization. DEKRA is happy to test your organization against the international ISO/IEC 27001 standard.

The ISO 27001 certificate is for every organization wanting to demonstrate that it handles confidential information securely, with integrity and reliability. An ISO 27001 certification lets you meet the expectations of clients and stakeholders. Do you operate in accordance with this standard? That means you are taking account of all the relevant information security risks. You are implementing technical and organizational measures to manage confidential data securely. Efficient and reliable cooperation between technical solutions and organizational processes is necessary. Only then will you achieve the level of security that meets the requirements of modern standards.

The certification process

The ISO 27001 audit comprises two phases. In the first, DEKRA checks the ISMS documentation and determines whether your organization is ready for phase 2 of the certification.

Phase 1

The ISO 27001 certification process also includes a preparatory phase, which occurs before the actual audit. The phase has nine steps:
1. Determine the scope of your information security management system (ISMS).
2. Determine the information security objectives.
3. Develop a methodology for risk assessment and risk treatment.
4. Establish a statement of applicability (SoA).
5. Draw up a risk management plan and risk assessment report.
6. Establish security roles and responsibilities.
7. Draw up a resource list for technical measures.
8. Ensure acceptable use of resources.
9. Establish guidelines, for example for access control in accordance with Annex A of ISO 27001.

Phase 2

We assess the effectiveness of the ISMS in the second phase. Our auditors record the findings of the audit in a report. If the results are positive, you will receive the ISO 27001 certificate for a period of up to three years. We conduct a first follow-up audit within a year of the certification audit, and the second one the following year. After three years recertification follows, again with annual follow-up audits.

People Based Auditing (PBA)

In our audit process we always pay attention to the human factor: people determine how the processes, systems and working methods are actually implemented. We call our working method People Based Auditing. It is a standard added value of our certification for ISO and HKZ Zorg en Welzijn.

Experienced market leader

Our experts have many years of experience in information security and certification of management systems. DEKRA is operating in over 60 countries and our certificates are recognized worldwide.

Extensive portfolio

With us you can also combine the ISO 27001 standard with others, e.g., with NEN 7510, ISO 20000-1 or ISO 9000. This lets us carry out audits efficiently, saving you time and money.

People Based Auditing

We audit with recognition of the people in your organization. We call this People-Based Auditing.

New version ISO/IEC 27001:2022

A new version of ISO 27001 was released on 25 October 2022: ISO/IEC 27001:2022. DEKRA is accredited for this by the RvA. The new version has several modifications:
  • Chapters 4 to 10 are structured according to the Harmonized Structure.
  • Annex A of the standard is divided into 4 chapters (according to ISO/IEC 27002:2022):
    • A. organizational measures
    • B. personnel measures
    • C. physical measures
    • D. technological measures
  • Several measures have been combined.
  • 11 new measures have been added.
Your organization can already operate in accordance with the new ISO 27001. For (re)certifications, DEKRA tests for compliance with ISO/IEC 27001:2022. Your current ISO/IEC 27001:2013 certificate remains valid until the date stated on the certificate, but no longer than 31 October 2025. From 1 April 2024, DEKRA will only certify against ISO/IEC 27001:2022. Certificates against ISO/IEC 27001:2022 are issued under the RvA Accreditation.

Book a free session with our expert

Would you like to know how a DEKRA audit takes your organization to a higher level? We are happy to help you! Fill in the form below to get in touch with an ISO 27001 expert for free to discuss the process and ask questions about the audit.

Q&A: ISO 27001 in brief

What is ISO 27001?
ISO 27001 is an international standard for protecting privacy-sensitive information. It shows that your organization handles data and information securely.